Business Requirements (Getting Started)

Before starting development of your transaction processing solution, you need to have a clear understanding of your business objectives and business requirements in order to successfully deploy the First Data Payeezy Gateway web service API. This guide is intended to help you deploy First Data’s services through the use of the Payeezy Gateway Web Service API. Before launching the Payeezy Gateway web service API you will need to:

Establish merchant accounts through your financial institution for the card types you wish to process.

Acquire a 128-bit Secure Socket Layer (SSL) Server Certificate if you plan to use a web online storefront

Integrate the Payeezy Gateway web service API with your website to enable gateway connectivity between your payment interface and First Data’s servers.

Key Players in Payment Processing

Merchant – Provides the point-of-sale payment solution in order to sell their product or services to a Customer.

Customer/Consumer – The credit cardholder placing a purchase via the merchant’s payment solution. The cardholder receives their credit card from an Issuer.

Issuer/Issuing bank – The card company (Visa, MasterCard etc) or bank that issues the credit card to a cardholder.

Acquirer/Merchant bank – The financial institution that provides the merchant with the necessary merchant accounts for accepting credit card payments (e.g. Visa, MasterCard). The Acquirer processes authorizations and settlements to the merchant’s accounts and handles the financial exchanges between the merchant and customer’s credit card issuer bank.

Payment Gateway Provider/CSP – This is Payeezy Gateway. We provide the gateway technology to process payments via the Internet. We are the bridge between the merchant’s Point-Of-Sale and the acquirer’s financial processing system.

Merchant Accounts

As a merchant business, you will need merchant accounts in order to accept payments. The type of account will depend on the device and method by which you accept credit card data. Separate merchant accounts must be obtained for Card Present and Card-Not-Present transactions. Payeezy Gateway technology can process for both Card-Not-Present and Card Present environments.

Card-Not-Present

Card-Not-Present means that the merchant does not handle the card physically or receive the cardholder’s signature. Two variations are:

Because of the nature of Internet Merchant Accounts there is a higher risk of charge-backs and fraud. Familiarizing yourself with these concerns will help you address the banks’ requirements for your business.

Card Present

For businesses that handle the credit card physically and receive the cardholder’s signature. Deployed primarily in brick-and-mortar outlets, usually a card-swipe device is utilized.

Credit Cards Supported

Cardholders will be charged in whatever currency your merchant account is in. A conversion rate is then applied to the cardholder's purchase by their bank. The ticket price will appear with the converted local currency on a foreign cardholder’s bill. The credit card exchange rate may be different from the standard daily currency exchange rates, and for a purchase versus a refund.

Multiple Currencies

Currently, Payeezy Gateway can handle multiple currencies. A list of supported currencies can be found here.

First Data Payeezy Gateway Web Service API

The Payeezy Gateway web service API uses IP Socket connections and banking networks to implement real-time transaction processing for merchant businesses. Once integrated into the merchant’s payment processing environment, the Payeezy Gateway web service API creates an individual payment gateway. The Payeezy Gateway web service API can also be implemented into recurring billing, reservation systems, IVR telephony, physical POS terminals, and other applications. You can find all the info you'll need by going to our API Forum.

3-D Secure

3-D Secure is a program that requires cardholders to authenticate themselves to their issuing bank, thus helping to reduce fraudulent transactions, and can in turn reduce charge backs to merchants under some circumstances.

This is provided as a Thin Client.

3-D Secure Transaction Flow

The following steps illustrate the flow for processing a transaction using 3-D Secure.

Customer clicks pay on their website.

The 3-D Secure software implemented at the merchant’s site checks the 3-D Secure Merchant Service and Visa’s Directory Server to see if the credit card issuer and card are enrolled in 3-D Secure.

The 3-D Secure software continues handling the enrolment check.

- If the card is not enrolled, the merchant’s 3-D Secure software hands off the transaction to the payment software (step 4).

- If the card is enrolled in 3-D Secure, the merchant software will initiate a dialog between the cardholder’s Internet browser and their card-issuing bank. The cardholder is then required to enter a password that they have previously set up with their issuer as part of their enrolment in the 3-D Secure program.

The 3-D Secure software hands off the transaction to the payment software.

- If the card was not enrolled or the authentication password was entered correctly, the merchant’s software is advised to proceed with the transaction. This results in increased charge back protection. (See the Bank Related Issues section below for more information.)

- If the cardholder fails authentication, the merchant should not proceed with processing the transaction.

Payeezy Gateway Account Information

Realtime Payment Manager (RPM)

Each merchant receives access to First Data Payeezy Gateway Real-time Payment Manager (RPM), a real-time web-based back-office application that logs the transactions conducted through the Virtual POS, POS Batch, First Data Payeezy Gateway Payment Pages or the Payeezy Gateway web service API. Searches and refunds can be conducted. RPM does not require any software installation, but does require User IDs for access.

User Logins

User Logins are needed to access the Payeezy Gateway Real-time Payment Manager (RPM) at globalgatewaye4.firstdata.com. User Logins consist of Login Name and Password. Users will encounter two sets of User Logins:

Payeezy Gateway Real-time Payment Manager (RPM)

Production Account User Login: Provides access to the merchant’s Payeezy Gateway account in the production system. These User Logins are created and provided by First Data upon your account setup.

Demo Account ID: For demo environment to test gateway features and functionality. A demo account is not connected to a production account. For more information on a demo account or to sign up for one click here.)

Payeezy Gateway Terminal Credentials

Payeezy Gateway Servers identify a merchant’s accounts (demo or production) by assigning virtual Gateway Terminals to them. A Terminal is identified by Gateway Terminal Credentials. The Terminal credentials establish the interaction between the Payeezy Gateway software and our payment servers.

All Terminal Credentials consist of:

Gateway Terminal ID (9 character identifier)

Password (8 characters, alphanumeric)

There are a series of Gateway Terminal Credentials you and your developer will encounter:

Demo IDs (For demo environment to test gateway features and functionality. To set up a demo account, click here)

When the code is ready to be moved from test mode to production mode, the Demo Account Credentials need to be replaced with the Payeezy Gateway Production Credentials. Please note that without Gateway Terminal Credentials, you will not be able to enable any type of account (demo or production).

Setting up Multiple Terminals & Currencies

A merchant may receive more than one Production Gateway Terminal ID. They are most likely to receive more than one Terminal ID if they:

First Data suggests the following testing procedure for your developers to follow prior to launching your solution:

With Demo Account Credentials (Demo Environment)

Connectivity testing

Transactional testing

Reconciliation of the records in online reports (Realtime Payment Manager and the Merchant’s database)

With Production Account Credentials (Production Environment)

Connectivity testing

Transactional testing

Reconciliation of the records in online reports (RPM and the Merchant’s database)

Funds Settlement (checking the bank statements)

Payeezy Gateway Features

Payeezy Gateway services provide flexibility to the merchant and developer regarding functionality and audit control of transactional data. Many of the features listed below are optional.

Customer Transaction Record (CTR) Display

Most financial institutions require that the CTR be displayed to the cardholder after all transactions. Payeezy Gateway offers a pre-configured CTR for all transactions. The CTR displays bank information, cardholder name, merchant name and address and status of the transaction (approved or declined) to the cardholder and merchant. The format of the CTR is fixed font, plain text.

If the standard format does not meet with the graphical requirements of the merchant’s web page and/or the merchant’s financial institution, the developer can build a customized CTR using the existing response properties (see the Payeezy Gateway Technical Users Guide or the Payeezy Gateway Programming Reference Guide).

Data Tracking

Much of the transactional data displayed within the Payeezy Gateway Real-time Payment Manager (RPM) can be stored in your company’s database for quality assurance and data mining. Many of the information fields used for reporting are available for storage. The CTR properties can be stored in your company’s database allowing for transactions to be searched and archived.

The properties are:

Account Information

Type of Transaction

Card Type, Amount & Currency

Cardholder Name

Date/Time

Reference #, Customer Ref# (determined by merchant)

Authorization # (from bank)

“Approved” or “Declined” and Bank Processor Response Code

eCommerce Response Code

CAVV

CAVV Result

Electronic Commerce Indicator

Secure AuthRequired

Secure AuthResult

Transaction Reference Numbers

You can include a Reference Number and Customer Reference Number along with the other transaction details sent to the Payeezy Gateway servers. Please note these Reference numbers are separate from the Bank Reference # that appears on the CTR.

Reference_No is a merchant-defined transactional property. It can be alphanumeric and up to 20 characters long. This appears on the CTR.

Customer_Ref is a merchant-defined transactional property. It can be alphanumeric and up to 20 characters long.

Response Codes

Both the bank network and Payeezy Gateway generate Response Codes for each transaction processed. If there is a decline or a failure in transmission, these Response Codes give further information on the transaction. The transaction Response Codes are detailed in the Payeezy Gateway Technical Users Guide.

Cardholder Verification Systems

Validating a cardholder’s identity helps protect against fraudulent transactions. Two methods exist for validating a cardholder’s identity when processing card not present (MOTO and e-commerce) transactions. Merchants who do not utilize AVS or CVD/CVV2 may be subject to additional fees imposed by their acquiring institution or bank.

Cardholder Verification Value (CVV2, CVC2 and CID)

Another new method of cardholder verification uses the Card Verification Value (CVV). The generic system name is labeled Card Verification Value 2 (CVV2) by Visa, Card Validation Code 2 (CVC2) by MasterCard and Cardholder Identification Code (CID) by American Express.

Card Verification information is not contained in the magnetic stripe information nor does it appear on sales receipts. It is an additional 3 to 4 character value, printed on the front or back of Visa, MasterCard, and American Express cards. To use Card Verification, enter the 3 to 4 character value along with the other transactional information at the time of processing the transaction. If the 3 to 4 character value is not authenticated by the cardholder’s bank, the transaction will be declined. If the 3 to 4 character value is authenticated, the transaction will be processed normally.

Payeezy Gateway Server Options

Payeezy Gateway Server Options consist of various settings that can be configured on each Payeezy Gateway account. Their primary purpose is to reduce human error and fraud. Each account is set up with a default of “Unrestricted” for all of these options. The Unrestricted status can only be modified by direct request to First Data Customer Service. See Payeezy Gateway Technical Users Guide for further details on setting up these options.

Duplicate Checking

Duplicate checking will monitor for duplicate transactions within a specified time frame. If any duplicates are found, they will be denied by the Payeezy Gateway system.

Refund Restrictions

Refund Restrictions will limit the number of refunds and the total dollar amount that can be refunded on a given day. The refund count and dollar amount is limited, and if exceeded, the transactions will be denied by the Payeezy Gateway system.

Velocity Controls

Velocity Controls place limits on the total purchase dollar amount by credit card number or by merchant account over a specified period of time.

It should also be noted that Velocity Controls are a risk management tool and not a fraud prevention tool. Velocity Controls can be used to avoid repeated approved transactions that might seem suspicious to the Merchant.

The purpose of velocity controls is to potentially lessen the opportunity for a cardholder to perpetrate fraudulent transactions.

Velocity Controls are calculated before a transaction is authorized and the threshold is based on approved transactions.

AVS Filter

The AVS Filter works on negative matching. AVS codes are specified, and then set up on the AVS Filter. If a transaction meets the AVS criteria it is rejected. The AVS Filter can be set up in lieu of software-based AVS.

Credit Card Number Filter

Merchants can request that we enter a fraudulent credit card number into the Payeezy Gateway database so that all Payeezy Gateway customers are protected from the fraudulent card number. The card number needs to be verified as fraudulent by the credit card issuer prior to filtering. Further details available upon request to First Data Customer Service.

Please Note: First Data recommends that you save the Payeezy Gateway eCommerce Response Codes (see the Payeezy Gateway Technical Users Guide) that are returned from the Payeezy Gateway system, in case you wish to investigate transactions that have been affected by the Gateway Server Options.

2) Enter your User Login and Password and press Login (Please note – upon your first login, you will be prompted to change your password to a new 8 digit alphanumeric password. Once reset, you will be prompted to change your password every 60-days)

3) Once logged on you will be on the Home Page.

4) Familiarize yourself with the various screens available for viewing and interaction.

User-Level Definitions

Users can have different access levels. Some of the more common access levels include:

Email Notifications

Individuals can receive an email report that sends notification of possible scheduled or unscheduled interruptions in service, etc.

Making Changes to Users

If you need to change your login and/or password, add a new user or remove a current user please contact your Merchant Administrator.

Bank Related Issues

Merchant Category Code

Banks assign a merchant category code to describe your type of business. If your business description on a cardholder’s statement is not accurate, please contact your bank to have your record modified.

Call/Voice Authorizations

It is possible that voice authorizations can be processed through Payeezy Gateway. There are different transaction types associated with processing voice-authorized transaction. Please contact First Data for the access and information needed to process voice authorization transactions.

Refund or Purchase Limits

If you have high dollar amount refunds, or ticket items that you are not able to process through Payeezy Gateway, it is possible that you may have restrictions set on your merchant account(s). Please contact your bank agent to investigate. Refund limits are set for each merchant account by the bank. However, if you have set refund restrictions on Payeezy Gateway, then you may have two parties limiting transaction volumes on your account.

Chargebacks

Payeezy Gateway is not involved in chargebacks. Chargebacks are charged against your merchant account if a cardholder contests a charge made to their credit card as either being mistaken or fraudulent and requests that it be charged back to the merchant. Banks monitor chargeback activities, expecting charge-backs to remain in the 1% range. If the percentage is higher, your discount rate and/or you account may be reviewed by the bank.

Talk about chargeback procedures with your bank representative or their customer service personnel. Also refer to online resources and merchant associations for further information on how to minimize charge-backs and potential fraud.